skills/ninehills/skills/deep-research/Gen Agent Trust Hub

deep-research

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md and requirements.txt suggest installing a tool named search-cli from a third-party Homebrew tap (199-biotechnologies/tap). This external tool is the primary mechanism for data retrieval and operates outside the standard package registries.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and subprocess.run to execute various commands, including search-cli, weasyprint for PDF generation, and several internal Python scripts (citation_manager.py, evidence_store.py, etc.) to maintain research state and validate output.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from the web (Phase 3: RETRIEVE) and interpolates this data into prompts for synthesis and critique (Phases 5 and 6). While the skill employs structured evidence capture and validation scripts, the synthesis of external content remains an inherent risk factor for prompt-based manipulation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 1, 2026, 09:17 PM